This section is concerned with the implementation of CA-TMS. We present the architecture and the modular design of CA-TMS. The source code is available under the Apache Software License 2.0 [181] at https://github.com/ca-tms/CA-TMS.
Trust validation is executed by a client program, the CA-TMS client. It communicates with the browser via a browser plugin. The CA-TMS client is implemented in Java [168]. Firefox was chosen as the browser, and a Firefox plugin was implemented that realizes the communication between the browser and the CA-TMS client. The CA-TMS client itself is designed to be application independent. The setup is displayed in Figure 4.4.
[Figure 4.4: Browser <-> browser plugin <-> CA-TMS client]
Figure 4.4: CA-TMS setup
The CA-TMS client maintains the user's trust view and implements the algorithms for trust validation, the learning processes and information collection, as well as bootstrapping and revocation monitoring. Additionally, it allows the user to manage the trust view and to configure the user preferences through a user interface.
Here, we focus on the system design and give an overview on the implemented functionality. For implementation details and a manual for installation we refer the reader to the project web page.
4.3.1 The CA-TMS client
In the following, the architecture of the CA-TMS client is described. The client is organized into different layers that group related functionality. The layers themselves are subdivided into different components. We first describe the top-level architecture and summarize the functionality of the layers. Afterwards, we give a detailed specification of each layer and the contained components. The design is based on the Layered Application Guidelines of the Microsoft Application Architecture Guide [154].
The high level architecture is shown in Figure 4.5. It is structured into five layers and a cross-cutting (CC) module. The layers are the presentation layer (PL), the services layer (SL), the business layer (BL), the data access layer (DAL) and the support services access layer (SSAL). The PL contains all components that provide user interaction: it accepts user input and presents information to the user. The SL contains all components that expose the functionality of the CA-TMS client to other applications. The BL encapsulates the business logic of the CA-TMS client and implements its core functionality. The DAL comprises the components related to data access and the representation of user-specific data. The SSAL provides access to support services and implements the components that consume and process data provided by support services. The CC module implements functionality that spans layers.
[Figure 4.5: layers of the CA-TMS client and their components. Presentation layer: UI, presentation logic. Services layer: service interfaces, services. Business layer: trust validation, decision making, path validation, backup. Data access layer: data access, data helpers, data sources. Support services access layer: support service access, app server access. Cross-cutting: crypto, communication. Consumers: users, applications, services.]
Figure 4.5: High level architecture of the CA-TMS client
In the following, we describe the layers and explain which functionality they implement.
Presentation layer
The PL provides the means for user interaction, like input fields and dialogs. The PL is divided into a graphical user interface (GUI) component and a presentation logic component. The GUI implements the visual elements of the application like buttons and message dialogs which are used to display information to the user and accept user inputs. The GUI of the CA-TMS client is a management GUI, which is not required during normal use.
The different processes for user interaction are encapsulated within the presentation logic component. Thus, the presentation logic component defines the logical behavior of the client during user interaction: it defines how data from the underlying layers is presented to the user and how the application reacts to user inputs. This is realized in a platform-independent way using the interfaces provided by the GUI component.
The PL realizes a management GUI for the CA-TMS client and allows the user to configure the CA-TMS client and execute initialization processes like bootstrapping. It also provides the possibility to export the user's trust view or to import an existing trust view into the system. User interaction directly related to browsing, such as warning dialogs and reconfirmation requests, is realized through the browser plugin, which extends the browser's user interface.
Services layer
The SL contains all components that expose the functionality of the CA-TMS client to other applications. It defines how the client and other applications interact: the service interfaces and the message types are defined here. Towards the BL, the SL provides a common interface, so that the SL abstracts from the actually supported service consumers.
The CA-TMS client exposes its services to other applications via a web server binding. The CA-TMS client implements a web server that can be queried by the browser plugin with JSON-encoded messages over HTTP.
Business layer
The BL encapsulates the business logic of the CA-TMS client. It implements the core functionality of the client such as trust evaluation for given certification paths and the management of the trust view. In particular, it implements the trust validation and trust view update algorithms. Furthermore, the logic for continuous revocation monitoring is implemented in this layer. The BL exposes the functionality of the client to the higher layers, i.e., the PL and the SL. For data access or information retrieval from external services, the BL relies on functionality provided by the lower layers, namely the DAL and the SSAL. Furthermore, it manages escalation rules for the case that no decision can be made based on the available data; for example, the user can be prompted for a decision if no automated decision is possible. For trust representation and computation, the CertainTrust library [180] is integrated into the client. It provides the necessary operators for the combination and aggregation of CertainTrust opinions.
Data access layer
The DAL comprises the components related to data access and representation. Besides that, it handles the import and export of trust views for backup and recovery. The DAL provides a common interface to retrieve and store user data from and to different sources.
For example, through the DAL, the components of the BL can access data on internal or external data sources. The CA-TMS client stores the trust view and the user's preferences within an SQLite [177] database. The encapsulation of data access within the DAL allows a convenient integration of other storage technologies, as the actual data source is transparent to the other client components. Examples are a remote database server or a cloud storage.
Support service access layer
The SSAL provides common interfaces to access external support services such as certificate notaries for the reconfirmation of a certificate or OCSP servers for revocation checking. The SSAL allows different services to be accessed in a standardized manner and manages the semantics of the communication with the external services. The SSAL is used by the BL components. Access to notary services is encapsulated in a separate library, which is developed in a sub-project and available at https://github.com/ca-tms/sslcheck. At the time of writing, it implements connectors for the Crossbear notary [171], Perspectives [115], Convergence [145], ICSI [133] and SignatureCheck [175].
The encapsulation of external service access within the SSAL allows CA-TMS to be extended with additional services in a convenient way. In particular, the integration of CA-TMS service providers as described in Chapter 5 can be realized within the SSAL.
Cross-cutting
The client components use cryptographic functions and communication protocols. This functionality is encapsulated within the respective cross-cutting components.
4.3.2 The browser plugin
The browser plugin has been implemented as a Firefox extension. The extension manages the communication between the browser and the CA-TMS client. It implements an SSL listener that is triggered whenever a web site is opened via HTTPS. Path validation is left to the browser implementation. If path validation has succeeded, the extension extracts the certification path and passes it to the CA-TMS client for trust validation. The loading of the web page is blocked until the validation result is obtained from the CA-TMS client. If trust validation succeeds, the web page is loaded. Otherwise, a warning message is displayed which informs the user about the outcome of trust validation and allows the user to temporarily override the trust validation result if required.
Additionally, the extension provides a simple user interface to set the required security level during browsing. The security level is transferred to the CA-TMS client when trust validation is requested.